sub.maxmulti.info

Somoto Inc.

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dulles, Virginia, United States, on the Amazon Technologies Inc. network. The domain is served through the Amazon CloudFront CDN, which fronts it with a number of proxy IP addresses (see below).
Registrar:
Gandi SAS

Server location:
Virginia, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections (100% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.Somoto, PUP.Bundler.Somoto, Threat.Somoto.Bundler, PUP.Somoto.Bundler, PUP.Somoto.SITEONSPOT.Bundler (M), PUP.Somoto.Bundler (M) | 100.00%
Baidu Antivirus | Adware.Win32.Somoto | 60.00%
AVG | Downloader, Potentially harmful program Downloader.DFF | 60.00%
K7 AntiVirus | Unwanted-Program | 56.67%
avast! | Win32:Somoto-R [PUP], Win32:Somoto-P [PUP] | 56.67%
Kaspersky | not-a-virus:Downloader.Win32.Agent, not-a-virus:Downloader.NSIS.Mazel | 56.67%
VIPRE Antivirus | Trojan.Win32.Generic, Threat.4150696 | 56.67%
Sophos | Somoto BetterInstaller, PUA 'Somoto BetterInstaller' | 56.67%
AhnLab V3 Security | Win-PUP/Somoto | 56.67%
Panda Antivirus | PUP/MultiToolbar.A, Generic Suspicious | 56.67%
Comodo Security | Application.Win32.Somoto.GDP | 53.33%
Dr.Web | Trojan.Packed.28357, Adware.Somoto.132 | 53.33%
Malwarebytes | PUP.Optional.Somoto | 50.00%
ESET NOD32 | Win32/Somoto, Win32/Somoto.G potentially unwanted | 50.00%
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen, Win32/Virus.Downloader.192 | 50.00%

The domain sub.maxmulti.info has been seen to resolve to the following 104 IP addresses.


File downloads found at URLs served by sub.maxmulti.info.


The following 55 files have been seen to communicate with sub.maxmulti.info in live environments.

URL:
http://sub.maxmulti.info/

Network:
Amazon Cloudfront

Web server:
nginx